Managing Certificate Authorities

Each network device is given a "certificate" to prove its identity and, in some cases, allow it to issue other certificates.

Certificates contain two parts:



A Public key which can be safely and securely shared



A Private key which is held only by the device to identify it according to the public key

Certificates that can issue other certificates are known as Certificate Authorities. Certificate Authorities can create and sign for other certificates using their own private keys to verify that the signed certificate is trusted.

When the Smoothwall’s instant messenger proxy or Guardian module are configured to intercept SSL traffic, certificates must be validated. This is done by checking them against the list of installed Certificate Authorities (CA).